Files and attachments uploaded to a .NET website often must not be downloadable by unauthorized users, for confidentiality or copyright reasons, while logged-in users should be able to download files according to their permissions. If the server does no special processing, anyone who knows the actual address of an attachment can download it, and unauthorized downloads cannot be prevented. Methods described on the Internet involve changing IIS settings, modifying web.config, and then writing a custom HttpHandler to check whether the user is logged in. That procedure is complicated and not easy to implement. After some research on our own website, we found a more convenient method.
The general idea is: 1. Prohibit the specified file types in the relevant folder from being accessed directly through a browser; 2. Use a download module that reads the attachment from its physical path and sends it as a file stream. Permissions can be checked further inside the download module.
1. Prohibit access to specified types of attachments
Create a web.config file in the specified folder (such as UploadFiles) with the following content:
With this in place, files with the above extensions in the UploadFiles folder cannot be accessed directly through a browser. To restrict the entire website, put the above content in the root web.config. The same settings can also be made in the "Request Filtering" section of IIS Manager.
2. Use the download module to process downloads
Create an aspx page, downAtt.aspx:
downAtt.aspx code:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="downAtt.aspx.cs" Inherits="downAtt" %>
downAtt.aspx.cs code:
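using System;
using System.IO;

public partial class downAtt : System.Web.UI.Page
{
    // Virtual path of the folder that holds the attachments (UploadFiles in step 1)
    private const string UploadRoot = "~/UploadFiles/";

    protected void Page_Load(object sender, EventArgs e)
    {
        string root = Path.GetFullPath(Server.MapPath(UploadRoot)).TrimEnd('\\') + "\\";
        string filepath;
        // Obtain the physical path of the file named by the "file" parameter
        try { filepath = Path.GetFullPath(Server.MapPath(Request.QueryString["file"])); }
        catch (Exception) { filepath = null; } // missing or malformed path
        // Serve only existing files inside the attachment folder, so that "file"
        // cannot name web.config, source files, or anything else on the server
        if (filepath == null
            || !filepath.StartsWith(root, StringComparison.OrdinalIgnoreCase)
            || !File.Exists(filepath))
        {
            Response.StatusCode = 404;
            Response.End();
            return;
        }
        string filename = Path.GetFileName(filepath); // get the file name
        FileInfo file = new FileInfo(filepath);
        Response.Clear();
        // Response.ContentEncoding = System.Text.Encoding.UTF8;
        // Add the header information and specify the default file name for the "download/Save as" dialog box
        Response.AddHeader("Content-Disposition", "attachment; filename=" + Server.UrlEncode(filename));
        // Add header information and specify the file size so that the browser can display the download progress
        Response.AddHeader("Content-Length", file.Length.ToString());
        Response.ContentType = "application/octet-stream";
        // Send the file stream to the client
        Response.WriteFile(file.FullName);
        // Stop page execution
        Response.End();
    }
}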
3. Download attachments
Download the attachment through downAtt.aspx:
Access downAtt.aspx?file=attachment path (for example, UploadFiles/a.doc).
4. Further settings
Configure login control in web.config:
// Login.aspx is the login page.
// Deny access to anonymous users.
With this in place, any request to an .aspx page or similar program on the website requires login. Together, the steps above effectively prevent the specified attachments from being downloaded without authorization.
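The two web.config settings described in steps 1 and 4, written out as a single root web.config. This is an added example, not the original article's configuration: the extension list and the use of a <location> element (instead of a separate web.config inside UploadFiles) are assumptions, while Login.aspx and UploadFiles are the names used above.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- Step 4: forms login for every ASP.NET page on the site -->
  <system.web>
    <authentication mode="Forms">
      <!-- Login.aspx is the login page; forms authentication always
           leaves the loginUrl itself reachable for anonymous users -->
      <forms loginUrl="Login.aspx" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: deny them everywhere else -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Step 1: refuse direct browser requests for attachment types
       under UploadFiles (same effect as a web.config in that folder) -->
  <location path="UploadFiles">
    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions>
            <!-- Assumed list: replace with the types your site stores -->
            <add fileExtension=".doc" allowed="false" />
            <add fileExtension=".docx" allowed="false" />
            <add fileExtension=".xls" allowed="false" />
            <add fileExtension=".pdf" allowed="false" />
            <add fileExtension=".zip" allowed="false" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>

</configuration>
```

IIS answers direct requests for the listed extensions with HTTP 404.7, while downAtt.aspx can still serve the same files because Response.WriteFile reads them from the file system rather than through an HTTP request.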